[ros-diffs] [ekohl] 46629: [NTORKRNL] SepAccessCheck: Deny access if the DACL is is empty (but not NULL).
ekohl at svn.reactos.org
ekohl at svn.reactos.org
Wed Mar 31 23:02:38 CEST 2010
Author: ekohl
Date: Wed Mar 31 23:02:38 2010
New Revision: 46629
URL: http://svn.reactos.org/svn/reactos?rev=46629&view=rev
Log:
[NTORKRNL]
SepAccessCheck: Deny access if the DACL is is empty (but not NULL).
Modified:
trunk/reactos/ntoskrnl/se/semgr.c
Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=46629&r1=46628&r2=46629&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Mar 31 23:02:38 2010
@@ -457,6 +457,14 @@
}
}
+ /* Deny access if the DACL is empty */
+ if (Dacl->AceCount == 0)
+ {
+ *GrantedAccess = 0;
+ *AccessStatus = STATUS_ACCESS_DENIED;
+ return FALSE;
+ }
+
/* RULE 3: Check whether the token is the owner */
Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor,
&Sid,
More information about the Ros-diffs
mailing list